Yeah, I know. Everyone has their own fix for the problem, but I really think these steps would take care of most of it.
1. Free firewall software from an ISP for all Windows boxes. I really don't think ZoneLabs would charge too much for an ISP to distribute the free version of ZoneAlarm. Ditto that for AdAware or Spybot S&D.
2. Free virus-scanning of all email. Don't scan for spam and forward through all virus-stripped email just in case it contains important information. I know, most viruses are ONLY viruses, but you never know what may come later.
3. Have ISPs monitor port 25. If traffic is seen, test it for an open relay. This could be part of the contract the customer would sign. If it's an open relay, block it and tell the customer to clean up the machine if they want it open.
4. Once a new major virus such as MSBlast hits, monitor for its traffic and block appropriately or take them offline until it's fixed. Of course the virtual network with cleaning tools is a good idea, also.
If this doesn't happen (and I don't expect it to) people with computers HAVE to learn that running a computer hooked up to the Internet is a responsibility. If they can't learn how to manage it properly, they should hire someone to do it. You have to maintain your car and people don't complain too much about it. If they do, people may feel sorry for them, but that's as much slack as they get. Don't fix it? Don't drive.
I took a vacation to a "second-world" country and it was so nice not seeing advertisements. The only ad for a product that I recognized was a sign at the boat filling station stating where the fuel came from.
Here I've been thinking that if the in-your-face advertising got too bad, I'd just move to a country like that. If ads in space "fly", I may have to build myself a rocket and move to Mars.
While I don't completely disagree with this, you must take Joe Jobs into consideration. This is when one business (say the competitor of the company in the ad) takes out a blatantly spam advertisement, selling his competitor's product. The competitor gets the bad rap, fine, whatever and the one who bought the ad just sits and grins.
When things like this happen, my thoughts are "Evil vs Evil. I hope the battle does much damage to both sides with the most evil (spam) being destroyed in the process." Hey, you've got to have priorities.
I remember how the software companies back then would implement non-standard sectors on the floppies, causing some very strange disk-reading noises. A few even used the floppy drive to play music by causing them to read the disk in some weird way. It's been too long. I don't remember the program names or what companies they were, but anyone who had/has an Amiga might be able to tell you.
Re:OMG you are a genious. on The Universal Card · Score: 2, Informative
that is why NONE of my cards are signed but say in big sharpie ink.. "CHECK MY ID!"
Technically, if you DON'T sign it, it is not valid. I can see your point about putting "CHECK MY ID!", but according to most terms of credit cards, it shouldn't be honored. Now, if you don't sign the card and don't put "CHECK MY ID" on it either, you are just asking for trouble. Let's say a thief gets a hold of an unsigned card without "CHECK MY ID" in the signature box. All the thief has to do is sign your name with his own hand. Voilà! The signature will match every time.
Whereas the new Welchia/Nachi worm cleans the MyDoom viruses, sets the hosts file back to just 127.0.0.1 localhost, installs a few Microsoft patches, reboots and scans for other MyDoom, MSBlast and Welchia infected machines to clean. It also sets up a web server on the machine serving a webpage with a cryptic message about various Japanese and Korean massacres. It then disables itself on June 1, 2004, or after running 180 days, whichever comes first.
I don't normally like any Windows virus, but I have a tough time not liking this one.
The Nachi worm and Code Green were attempts to fix Blaster and Code Red. They caused more damage than they fixed - especially Nachi which is still flooding everyone with ICMP echo requests.
Very good point. Granted, humans make mistakes, but if someone was extremely careful and wrote their whitehat virus to only attempt to send itself to any machine that first attempted to relay mail through the whitehat infected machine, I think that could make some progress. If it was written well enough, some admins might even infect their email gateways on purpose.
Out of curiosity, does the poll continue until all quota in all categories have been met (so the total number of phone calls made is actually way above 1000 since some categories are more likely to pick up the phone)?
That is correct. So, as an example, if, for our survey, we need:
100 males 35-65
100 males 18-34
100 females 35-65
100 females 18-34
Then, based on my recollection, (it's been many years since I was in the industry) the quota of 100 females 35-65 would be filled first. When we encountered more that would fit into this category, we would stop at the qualifying questions, but continue to try to find more people. The poll continues until we fill each of the quotas. It really got to be a pain nearing the end of a survey when all we had left to complete was a very few males in a narrow age range, say 35-45. So, yes, the number of phone calls would be way, way over the 400 needed in this hypothetical survey. Think of how many people opt not to participate or don't qualify at all.
It was up to the survey writers to put together the age/sex/whatever quotas, so I don't know how they determined how many of each had to be spoken to.
I am very, very glad to be out of the business. While it is a business that is interesting and needed, they are compared to telemarketers and are treated that way.
What are the odds that calling randomly people, you will find at home young or active persons ?
I worked in the market research industry for a (very) short time. In order to get a proper cross-section of the population, we were given a number of people from each population group that we had to reach. (75 men Age over 50, 100 men Aged 35-49, 75 women Age over 50 etc...) Without getting into too much detail about the market research industry, all surveys begin with a set of qualification questions. These determine if we want to get the opinion of this person. You've seen examples of this when a survey says "25% of SUV owners blah blah blah..." Our qualification questions included age, sex and several other traits, depending on the survey. Once we reached the correct number of people in a group, and we encountered another person within that group, we stopped at the qualification questions and did not proceed further because we didn't need any more of that group.
While it may not skew the results, increasing numbers of people using mobile phones only (I'm one of them) will make the job of pollsters substantially more difficult.
no, it doesn't say that at all. at least, not in the article. In fact, it says just the opposite.
You are correct, sort of. In one part of the article, he states:
He would identify himself, as required, and would honor any requests to be removed from his mailing lists, he said. He said that he was counting on Internet providers, in return, to stop trying to block his messages.
Which seems to indicate that he doesn't currently honor the requests. In another part of the article, the article says:
He insists, though, that he has always honored requests for removal from his list...
Which bluntly states that he always has honored removal requests. But then the article quotes:
"We will have to put in our address and a real 'unsubscribe' list," at an added cost, he said, of $3,000 a month.
So in conclusion, he's talking out of his ass and you can't believe a word he says, which I believe is standard for spammers.
One time I typed in a program on my Vic 20 that created a FULL SCREEN animated graphic. The program reassigned each pixel in a character (they were 8X8 pixels) and then it typed the appropriate characters at the appropriate spot on the screen to make a picture. It was a beach scene complete with waves and a seagull flying by. Took hours to type in and filled practically every bit of RAM in the machine. I made sure I saved a few copies of that program to tape since I didn't want to go through all that typing again. Then when I wanted to load it up to show a friend, it took about 10-15 minutes to load. This was for, what, 20X20 characters on the screen which amounted to 160X160 pixels. Wow! Hi-res graphics!
I don't normally opt-out of ANY spam. In this case, I knew they already had the email address and knew it was valid. This was a company I was dealing with while we were evaluating different anti-spam software, not just any spammer. I opted out because the fact that they deal in anti-spam software told me that they could be trusted not to spam. I was obviously wrong.
Not only do some anti-spam software companies make deals with spammers (according to the article), but some also are among the worst spammers.
I talked to a few different anti-spam software companies over the last few months. With each of them, I told them that once we made the decision on which (if any) software to go with, I wanted absolutely no further phone calls or emails trying to sell me their product. We made our decision just over 3 weeks ago and informed the software venders.
Two weeks ago, I received a spam from one of the venders we didn't purchase from. (Yes, the software we decided on caught it, but still, it's the principle of the thing.) I followed their procedures to opt-out and also sent an email to the salesperson whose name and email address appeared in the email. I informed her that I told them that I wanted no emails from them trying to sell me their software. I explained how disappointed I was in them and asked to receive no further emails.
A few days later, I received another spam from them. This one was "signed" by a VP of the company. Again, I opted out and sent an email to the VP explaining the entire situation. I explained that I was beyond disappointed and was now getting angry. I demanded that I not receive another sales email from them and explained that if I did, I would be passing the word about their tactics to friends that might be in the market for such software.
Guess what? I got another one. This time, I called the salesperson I was dealing with and explained that I was going to tell everyone I know about how Intellireach is an anti-spam software company that spammed me, did not honor my request to not get spammed in the first place and also did not honor several opt-out requests when the requests followed the instructions in the spam.
Garibaldi was played by Jerry Doyle. I agree. The first 1.5 seasons kinda sucked. Whenever a friend wants to start watching the show, I encourage them. I also warn them that the first season and a half will make them wonder why they are doing it. But it is very important that they start there since there are a few things set up that are important later in the series. Once you make it to season 2, episode 9: The Coming of Shadows, THAT'S when things get interesting. The pace picks up and things don't really slow down until the end of season 4.
Only 16 more days until Season 4 comes out on DVD!
Re:How bothersome is spam for most slashdotters? on The Life of a Spammer · Score: 1
Now how about the sysadmin reading slashdot. The one that maintains that mailserver and has to find storage for all of that crap that comes pouring in. The one that has to set up spamassassin on the servers and teach people (which is probably the worst part) how to set up their outlook clients to filter all of this. The one that has to hear complaints about the 2-3 spam getting through over the 3 trillion that came in during the week and the one that has to requisition the money to maintain the spamfiltration instead of it going elsewhere in the company.
That would be me. I'm still trying to find a way to teach 1500 people about the evils of spam. Some STILL buy from them, then complain when they get more. Someone PLEASE show me how to get through to these people! Blocking over 60,000 spams per week. Someone better hope I never get a hold of one.
I have to agree. A couple of years ago, when things were going particularly bad in my life, a friend of mine loaned me his copy of "Callahan's Crosstime Saloon". He said "If that doesn't cheer you up, nothing will." While I can't say it was a masterpiece, it did what my friend said it would. It's a fun read and it's one I didn't want to put down at the end. I wanted to walk down the street to Callahan's, speak my piece about things going on, and throw a glass into the fireplace. Alas, no such place.
Very close to what I asked for for Christmas. Actually, what I asked for was:
"Hey! If any of you are looking for any last-minute gift ideas for me, I have one. I'd like one spammer, right here tonight. I want him brought from his happy holiday slumber over there on Melody Lane with all the other spammers and I want him brought right here, with a big ribbon on his head, and I want to look him straight in the eye and I want to tell him what a cheap, lying, no-good, rotten, four-flushing, low-life, snake-licking, dirt-eating, inbred, overstuffed, ignorant, blood-sucking, dog-kissing, brainless, dickless, hopeless, heartless, fat-ass, bug-eyed, stiff-legged, spotty-lipped, worm-headed sack of monkey shit he is! Hallelujah! Holy Shit! Where's the Tylenol?"
-- (Paraphrased Clark Griswold from "Christmas Vacation")
Since it was a Loudoun County grand jury who handed down the indictments, Loudoun Times has more details. According to their article:
Kilgore made the announcement at America Online headquarters in Dulles, along with officials from AOL, MCI and UUNet.
The state law makes spam criminal in Virginia if any part of the spam transactions occur in any Virginia locality. Kilgore said the spam in these two cases was sent "through servers located in Virginia."
And while the announcement came in the gleaming AOL headquarters, Kilgore declined to be specific about the location of the servers in Loudoun County or provide further details, citing the coming prosecutions.
Authorities in Raleigh, N.C., obtained a search warrant and arrested Jeremy Jaynes Thursday morning and charged him with four felony counts of using fraudulent means to transmit unsolicited, bulk e-mail in violation of the Virginia's anti-spam law, Kilgore said.
Each felony count carries a punishment of one to five years in prison and a fine of up to $2,500, or both.
Jaynes also goes by the aliases Jeremy James or Gaven Stubberfield, Kilgore said. The Register of Known Spam Operations lists Stubberfield as the eighth-most prolific spammer on its Web site www.spamhaus.com, according to Kilgore.
The indictment alleges Jaynes sent spam that exceeded 10,000 e-mails per day on three separate days in July, and that he sent more than 100,000 e-mails during a 30-day period in July and August, Kilgore said.
The state law makes it a felony to send unsolicited, bulk e-mail by fraudulent means such as removing the sender information, thus preventing recipients from replying or knowing who sent the e-mail. The spam is illegal if the volume exceeds 10,000 e-mails in 24 hours or 100,000 in 30 days, or if the revenue from the spam exceeds $1,000 or if the total revenue from the spam transmitted to any Internet service provider exceeds $50,000.
Tipping ensures good service; and you only tip when you get that good service. The only time that tipping is higher is with large groups of people
Not everywhere. I took a trip to Miami earlier this year and every tab had 15% added on as a tip. This was always either one or two people, not a group of people. The final straw was where I got completely lousy service. The only time the waitress came to my table was to take my order and give me my food. I wasn't offered a single refill or asked even once how everything was. I had to ask for the check since the waitress acted like I wasn't there. Then there was a 15% tip tacked onto the bill. When I complained to the owner, rather than apologize, he said, "No one's ever complained before." Nothing else. Told him I'd never be back and haven't returned.
When a tip isn't assumed, I am a very good tipper. You have to give crappy service for me to tip less than 20%. If a restaurant decides that a tip should be 15%, that's exactly what they will get, nothing more. And I tell the waiters that.
The problem with computer security is not that keys are not complex enough. It's that people expect one key should be able to do everything, which is just silly. Do you have one key for your car, your house, your bank box, your office, your post box and your ATM card? Or is several dozen keys, maybe on a few different rings?
This is definitely true. We need to get people to think of their passwords as keys. Right now, people tend to think of them as unnecessarily complicated On/Off switches and treat them accordingly.
I rename the administrator account for my net-facing servers to some nearly random series of characters that no one could guess, but I know and also have hidden away, just in case. I rename the "Guest" account to "Administrator", disable it, expressly deny logon rights and expressly deny NTFS permissions to the root of the C: drive. Should take care of anyone attempting to log on as "Administrator" AND "Guest".
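A read-only audit of the account layout described in the comment above, as an added example that is not part of the original comment. It finds the two built-in accounts by RID (500 and 501) because a rename leaves the SID unchanged; the function names and the choice of which deny-logon rights to check are assumptions.

```powershell
# Added example: checks the decoy-account layout on the local machine.
# Run from an elevated Windows PowerShell 5.1+ prompt (secedit needs admin rights).
# Function names below are hypothetical, chosen for this illustration.

function Get-DenyLogonRights {
    # Export only the user-rights section of local security policy and return
    # a table of SeDeny*LogonRight -> list of SIDs or account names.
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        $rights = @{}
        foreach ($line in Get-Content -Path $cfg) {
            if ($line -match '^(SeDeny\w*LogonRight)\s*=\s*(.*)$') {
                # Entries look like "*S-1-5-21-...-501" or a plain account name.
                $rights[$Matches[1]] = @($Matches[2].Split(',') |
                    ForEach-Object { $_.Trim().TrimStart('*') })
            }
        }
        return $rights
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Test-DecoyAccountLayout {
    $users  = Get-LocalUser
    # Built-in accounts keep their RID when renamed: 500 = admin, 501 = guest.
    $rid500 = $users | Where-Object { "$($_.SID)" -match '^S-1-5-21-.+-500$' }
    $rid501 = $users | Where-Object { "$($_.SID)" -match '^S-1-5-21-.+-501$' }
    if (-not $rid500 -or -not $rid501) {
        throw 'Built-in RID 500/501 accounts not found in the local account database.'
    }

    $checks = [ordered]@{}
    $checks['Built-in admin (RID 500) no longer named Administrator'] =
        $rid500.Name -ne 'Administrator'
    $checks['Guest (RID 501) renamed to Administrator'] =
        $rid501.Name -eq 'Administrator'
    $checks['Decoy (RID 501) is disabled'] = -not $rid501.Enabled

    # Deny-logon rights: the comment does not say which ones were set, so
    # checking these three is an assumption.
    $deny = Get-DenyLogonRights
    $ids  = @("$($rid501.SID)", $rid501.Name)
    foreach ($right in 'SeDenyInteractiveLogonRight',
                       'SeDenyNetworkLogonRight',
                       'SeDenyRemoteInteractiveLogonRight') {
        $members = @($deny[$right])
        $checks["Decoy listed in $right"] =
            [bool]($members | Where-Object { $ids -contains $_ })
    }

    # Explicit (non-inherited) Deny ACE for the decoy on the root of C:.
    $rules = (Get-Acl -Path 'C:\').GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    $checks['Explicit Deny ACE for decoy on C:\'] =
        [bool]($rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq "$($rid501.SID)"
        })

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

Test-DecoyAccountLayout | Format-Table -AutoSize
```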
I was talking with a salesperson of an anti-spam package last week. She said that I could tweak the rules so the spam I WANT to receive makes it through. I asked her why in the world I would want any through, and she said, "Sometimes you can find some good deals in spam." She then told me about something she had recently purchased from spam. I can't remember just what it was. I was too busy trying to get my brain around the fact that she actually purchased something from spam. 8-/
Turn your Little Dipper into a Big Dipper.
Microsoft and AOL are evil.
Spam is evil.
Microsoft and AOL are fighting spam.
Microsoft and AOL are fighting evil?
Sorry! I didn't include the link to the actual story.
Now, the question is, "Do they deliver?"